Please help my infected computer - third party keeps trying to change


  • This topic is locked

#16
Teima
  • Member
  • 833 posts
Hello Heather. Are you still with me at the moment?

#17
starlingdarlinf
  • Topic Starter
  • Member
  • 22 posts
Teima,
Yes I am. The ESET scan is still running, only at 35%, and it's been running for almost 14 hours, so once that is done I will post the information. Sorry about the delay. -Heather

#18
starlingdarlinf
  • Topic Starter
  • Member
  • 22 posts
Hello!
Ok finally got it all done, below are the logs.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir Win32/Toolbar.Babylon.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe.vir probably a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\utils.exe.vir Win32/Toolbar.CrossRider.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390372927464.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\Swag_BucksToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe.vir Win32/AdWare.Yontoo.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir probably a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\CT2260173\Swag_BucksAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\CR\Delta.crx.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\WebCakeDesktop.exe.vir MSIL/WebCake.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\WorldRiddlesAnimals\AnimalWorld.exe a variant of Win32/Kryptik.BCY trojan cleaned by deleting - quarantined
C:\Users\Heather\AppData\Local\Media Get LLC\MediaGet2\update.exe Win32/MediaGet.AB potentially unwanted application deleted - quarantined
C:\Users\Heather\AppData\LocalLow\1409.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\WBDesktop.Updater.exe MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Movdap\WebCakeIEClient.dll probably a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Swag_Bucks\prxtbSwag.dll Win32/Toolbar.Conduit.O potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js Win32/PriceGong.B potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\NPObject.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.24_0\background.js JS/SaveValet.A potentially unwanted application deleted - quarantined




aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-15 11:45:22
-----------------------------
11:45:22.474 OS Version: Windows x64 6.1.7601 Service Pack 1
11:45:22.474 Number of processors: 2 586 0x2505
11:45:22.474 ComputerName: ANDEE UserName:
11:45:29.541 Initialize success
11:50:57.929 AVAST engine defs: 14021402
11:51:26.041 The log file has been saved successfully to "C:\Users\Heather\Desktop\Geeks2Go\aswMBR(1).txt"
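One way to triage a log like the one posted above, as an added example (not code from the thread, from ESET, or from any tool named in it). It assumes the space-separated line layout of this forum paste, and it separates detections that sit in the AdwCleaner quarantine or OTL moved-files folders from files found at their original location; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the ESET log in the post above. In the forum paste the
# fields are separated by spaces, so the path is split off by pattern.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe.vir Win32/AdWare.Yontoo.E application cleaned by deleting - quarantined
C:\Program Files (x86)\WorldRiddlesAnimals\AnimalWorld.exe a variant of Win32/Kryptik.BCY trojan cleaned by deleting - quarantined
C:\Users\Heather\AppData\Local\Media Get LLC\MediaGet2\update.exe Win32/MediaGet.AB potentially unwanted application deleted - quarantined
C:\Users\Heather\AppData\LocalLow\1409.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Swag_Bucks\prxtbSwag.dll Win32/Toolbar.Conduit.O potentially unwanted application deleted - quarantined
"""

# path, optional "variant" qualifier, detection name, object kind, action taken
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>(?:Win32|Win64|MSIL|JS)/[\w.]+)\s+"
    r"(?P<kind>potentially unwanted application|trojan|application)\s+"
    r"(?P<action>.+)$"
)

# Holding folders of the removal tools used earlier in the thread: files here
# had already been moved out of their original location before the ESET scan.
ISOLATED_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")


def parse_line(line):
    """Return a dict for one log line, or None if it is not a detection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # "Win32/Toolbar.Conduit.Y" -> "Toolbar.Conduit" (drop platform and variant)
    rec["family"] = rec["name"].split("/", 1)[1].rsplit(".", 1)[0]
    rec["isolated"] = rec["path"].lower().startswith(ISOLATED_PREFIXES)
    return rec


def triage(log_text):
    """Split detections into already-isolated and live, and count families."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    live = [r for r in records if not r["isolated"]]
    return {
        "total": len(records),
        "live": live,
        "live_trojans": [r for r in live if r["kind"] == "trojan"],
        "families": Counter(r["family"] for r in records),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} detections, {len(result['live'])} at original location")
    for rec in result["live"]:
        print(f"  [{rec['kind']}] {rec['name']}  {rec['path']}")
```

Run against the full log, the "live" list is the short part worth reading first, since every other entry is a file an earlier tool had already moved aside.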

#19
Teima
  • Member
  • 833 posts
How does the machine appear to be running at the moment? Is it still slow as it was before?

#20
starlingdarlinf
  • Topic Starter
  • Member
  • 22 posts
Hello,
The difference in my computer is amazing. It still runs a little slow when I'm typing, but everything else seems to be working well and best of all no more crazy pop ups. Thank you so very much. -Heather

#21
Teima
  • Member
  • 833 posts
Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety. :)

Removal of OTL

Double-click OTL to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

Uninstall AdwCleaner:

Right-click on AdwCleaner.exe and select Run as Administrator to start the program
Click on Uninstall >> Yes, this will remove the application and its log(s) etc.

Step One

Enabling Windows Updates

1. Please proceed with clicking "Start" then choosing the "Control Panel" on the left hand window.

2. Click the first menu selection named "System and Security".

3. Click the next option entitled "Windows Update".

4. Now click "Change Settings" which is situated on the left hand side.

5. Please make sure that the "Important Updates" box is set to "Install Updates Automatically", with these updates set to install "Every Day".

6. Please also enable the "Recommended Updates" check box if it hasn't already been enabled.

7. Click "Ok" once these steps have been followed.

Step Two

Clearing System Restore Points

1. Please Navigate to the Start Menu

2. Once that's loaded right click on my computer and select the option named "Properties".

3. On the menu which is located on the left hand side please select "System Protection".

4. Under the system properties dialogue which is now loaded navigate to the tab named "System Protection" and proceed with clicking "Configure".

5. Click the option entitled "Delete" and proceed with clicking "Continue". Your system restore points have now been cleared.

Other recommendations

Please note that prevention is better than any cure. I'll post some recommendations below to further enhance your security.

  • Please read this great article by miekiemoes entitled How to prevent Malware


#22
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.